Create Nessus SSL Certificates for Login

To log in to a Nessus server with SSL certificates, the certificates must be created with the proper utility. For this process, the nessuscli mkcert-client command line utility is used on the system. The six questions asked are to set defaults for the creation of users during the current session. These include certificate lifetime, country, state, location, organization, and organizational unit. The defaults for these options may be changed during the actual user creation if desired. The user will then be created one at a time as prompted. At the end of the process the certificates are copied appropriately and are used to log in to the Nessus server.

Fill in the fields as prompted. The process is identical on a Linux or Windows server.

Tip: The client certificates will be placed in the temporary directory in Nessus:

Linux: /opt/nessus/var/nessus/tmp/

Mac OS X: /Library/Nessus/run/var/nessus/tmp/

Windows: C:\ProgramData\Tenable\Nessus\tmp

Tip: Windows installations of Nessus do not come with man pages (local manual instructions). Consult the Tenable, Inc. Support Portal for additional details on commonly used Nessus executables.

Two files are created in the temporary directory. In the example demonstrated in the previous step, cert_sylvester.pem and key_sylvester.pem were created. These two files must be combined and exported into a format that may be imported into the web browser such as .pfx. This may be accomplished with the openssl program and the following command: